[Chameleon] how to make a secure application on win32
Sears, Jeremy
Jeremy.Sears at CCRS.NRCan.gc.ca
Fri Mar 10 15:56:13 EST 2006
Sweet, Thanks for the tip.
So if one were to use ms4w to serve maps on www, the bigest concern is with
apache and security issues with apache, rather than with chameleon and/or
map server?
Jeremy
-----Original Message-----
From: Paul Spencer [mailto:pspencer at dmsolutions.ca]
Sent: March 10, 2006 3:49 PM
To: Sears, Jeremy
Cc: chameleon at lists.maptools.org
Subject: Re: [Chameleon] how to make a secure application on win32
Jeremy,
the primary reason that ms4w includes that disclaimer is because
earlier versions of apache included it. Also, we are not warranting
the software for production use. That being said, the default
configuration of ms4w is to prevent access to any directory except
the 'htdocs' directory. As far as I know, this is reasonably
secure. There may be additional things you can do in Apache to
prevent certain hacks also ... I'm not an apache conf expert ;)
You shouldn't need to move stuff around, though.
Cheers
Paul
On 10-Mar-06, at 3:22 PM, Sears, Jeremy wrote:
> Hi all,
>
> Im wondering if anyone can point me to documents etc that describe
> how to
> make a chameleon/mapserver application secure for use over the web.
> We have
> developed an application on ms4w and wish to make it available via
> http.
> Has anyone experience with this that could offer tips? On
> maptools.org's
> ms4w download page they indicate that ms4w shouldnt be used for
> production
> purposes. Does anyone know if ms4w can be made secure?
>
> I dont know much (anything really) about breaking into remote
> servers. Is it
> naive to assume that the following setup would be secure. By secure
> I mean
> an intruder would not be able to access mapserver's .map files to
> obtain
> database passwords etc, nor able to access httpd.conf files or do
> anything
> else besides look at the mapserver/chameleon output via valid http
> requests.
>
>
> A setup:
>
> A windows server on a LAN, running the ms4w/chameleon package. The
> ms4w/cham
> package installed in either a directory or a seperate partition of
> a hard
> disk. This partition/directory is open to WAN via a proxy server
> that can
> only access the the partition/ directory on wich ms4w is installed.
> Only
> http requests can be made through the proxy to the ms4w/chameleon
> installation.
>
> As I mentioned, Im new to security issues. Any suggestions would be
> great.
> Perhaps there is a more appropriate place to ask such a question?
>
> Thanks
> Jeremy
> _______________________________________________
> Chameleon mailing list
> Chameleon at lists.maptools.org
> http://lists.maptools.org/mailman/listinfo/chameleon
+-----------------------------------------------------------------+
|Paul Spencer pspencer at dmsolutions.ca |
+-----------------------------------------------------------------+
|Applications & Software Development |
|DM Solutions Group Inc http://www.dmsolutions.ca/|
+-----------------------------------------------------------------+
More information about the Chameleon
mailing list